CVE-2021-0992

LOW Year: 2021
CVSS v3 Score
3.3
Low
CVSS v2 Score
1.9
Low
Weakness Type
CWE-1021
View all →

Vulnerability Description

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-180104327

Related Vulnerabilities

CVE-2024-20810

LOW
CVSS:3.3(Low)

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

CWE-10212024

CVE-2023-0057

LOW
CVSS:3.1(Low)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.

CWE-10212023

CVE-2023-0654

LOW
CVSS:3.7(Low)

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on ...

CWE-10212023

CVE-2024-30109

LOW
CVSS:3.7(Low)

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link ...

CWE-10212024

CVE-2022-20226

LOW
CVSS:3.9(Low)

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges ne...

CWE-10212022

CVE-2023-0780

MEDIUM
CVSS:4.0(Medium)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

CWE-10212023